Live Online Training

Ansible for Managing Network Devices

Nicholas Russo

Ansible rapidly became the de facto standard for open-source network automation due to its agentless nature and low barrier to entry. Participants will master the Ansible techniques for effectively managing network devices across a wide spectrum of business needs. For example, risk-averse organizations may opt to use Ansible in a very different way than organizations seeking to actively modernize their network operations.

The author’s publicly available Ansible playbooks will be deployed and evaluated throughout this course to provide real-life context around Ansible and the value it brings to any organization. This course has very little static content and is primarily taught using hands-on demonstrations, making it different from other forms of training.

The course has two main blocks. The first block contains an Ansible refresher, the creation of a minimalist network data collection playbook, and a deep-dive into one of the author’s open-source data collection playbooks. The second block discusses the concept of intent-based/declarative network, the creation of a minimalist configuration management playbook, and a deep-dive into one of the author’s open-source configuration management playbooks.

Participants will learn how to “start small” with Ansible and grow their automation solution in lockstep with their business. Participants will be able to collect large amounts of data from network devices and store the output files in an organized fashion. Participants will also learn the fundamentals of “infrastructure as code” via a comprehensive example, allowing users to manage network devices by just updating Ansible variables rather than manually configuring devices.

What you'll learn and how you can apply it

  • Brief Ansible refresher (but not enough to skip the prerequisite listed)
  • Creation of Ansible playbooks from scratch
  • Using Ansible for data collections for low-risk technology insertion
  • Ansible as a configuration management tool to simplify monotonous tasks
  • Detailed analysis and enhancement opportunities of existing playbooks

This training course is for you because...

  • You are a network engineer, NetDevOps engineer, automation engineer, or in any other role that requires large-scale management of network devices.

This course is at an intermediate level of difficulty (see prerequisites). The course is primarily focused on Ansible design and implementation as a technology. However, the modern world requires engineers to have some “business smarts”. The instructor always ties in “what” we are doing to “why” it matters for businesses and their tolerance for risk.

Prerequisites

Recommended Preparation

  • Access to a modern Linux distribution of any flavor. The author is using an Amazon Linux instance in AWS.
  • IP connectivity between the Linux station and at least one router. The author is using a Cisco CSR1000v in AWS.
  • All devices should be easy to manage (SSH/telnet/console) as we will be moving between devices quickly.
  • The Linux machine, at a minimum, needs Internet access.
  • The following playbooks will be used in the demonstration of this course:

https://github.com/nickrusso42518/racc

https://github.com/nickrusso42518/natm

Recommended Follow-up

  • Ansible in 3 Hours (Safari Live Training) with Sander van Vugt – look for newly posted classes on the Online Training page
  • Ansible Fundamentals LiveLessons: http://sunburn.in/?page=videos/ansible-fundamentals-livelessons/9780134863870

About your instructor

  • Nicholas Russo holds a Bachelor of Science in Computer Science from the Rochester Institute of Technology (RIT). His primary programming experience is in C# and Java, but he has been programming almost exclusively in Ansible and Python over the past several years. Nick’s day job is as an automation-focused network engineer, but he loves teaching others about technology. Nick lives in Maryland, USA with his wife, Carla, and daughter, Olivia.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Ansible Refresher (25 min)

  • Instructor will quickly review the core Ansible components, such as inventory, config files, playbooks/plays/tasks, and variables.
  • Participants will know immediately whether this is the right course for them. If all the prerequisites are complete, then this should be a refresher. For those less familiar with Ansible, this section should reinforce the core concepts upon which all Ansible development is based.

Basic Network Collection Playbook (25 min)

  • Instructor will build a minimalist playbook that uses the new “network_cli” connection method to collect information from the network devices. This will be a deep dive into the #1 issue with using Ansible for networks: establishing connectivity to devices. The instructor will detail how to troubleshoot login issues during the construction of the playbook.
  • Participants will observe (or build themselves) a complete and functional Ansible playbook for network information collection. They will learn about assessing business risk during the discussion, as the playbooks throughout the course will get increasingly complex, and thus riskier.

Break (length: 10 min)

Run Arbitrary CLI Commands (racc) Playbook (50 min)

  • Instructor will clone the “racc” playbook, a production-grade information collector, from GitHub. Then, the class will walk through it piece by piece to see how it works for any arbitrary list of commands and different sets of network devices. Last, we will observe the nicely formatted output files.
  • Participants should see, at the conclusion of this demonstration, the clear business value of using simple Ansible tools (such as racc) to drastically reduce the time spent on monotonous network tasks. Participants should also mentally note that using such a tool in their production environments is very easy to set up and maintain (real-world context).

Break (length: 10 min)

Intent/Declarative Network (15 min)

  • Instructor will discuss what the newest buzzwords “intent-based” and “declarative state” actually mean within the context of network management and operations. New terms such as “idempotence” will be introduced and explained with clear, real-life examples.
  • Participants will have a firm understanding of how Ansible is meant to maintain the state of devices based on business requirements without needing to consider the preexisting state of the device (in some cases).

Basic Network Configuration Playbook (35 min)

  • Instructor will build a minimalist playbook that uses the new “network_cli” connection method to maintain configuration on network devices in an idempotent way. The solution will use a combination of in-line YAML command issuance and Jinja2 templated “intended” configuration.
  • Participants will observe (or build themselves) a complete and functional Ansible playbook for network device management. Participants will see simple examples executed perfectly (rather than complex examples executed poorly), with a discussion around more complex examples to be covered in a potential future class.

Break (length: 10 min)

Network Address Translation Manager (natm) Playbook (60 min)

  • Instructor will clone the “natm” playbook, a production-grade one-to-one NAT management tool, from GitHub. Then, we will walk through it piece by piece to see how it works to maintain the NAT state of the target devices with simplified logging for any needed changes.
  • Participants should see, at the conclusion of this demonstration, the clear business value of using simple Ansible tools (such as natm) to drastically reduce the time spent on managing NAT statements. Participants should also mentally note that using such a tool in their production environments is very easy to set up and maintain (real-world context).